>2.3.5 has been released, and there are 2-3 minor fixes
>to ppolicy included. You should upgrade.

Thanks, I have done this just today. My problem remains.

>What do you mean by "user can't authenticate" ?
>Certainly they should still be able to Bind

Yes, you are correct. A user with the pwdReset flag set to "TRUE" may subsequently authenticate. My problem occurs later, after I clear the pwdReset flag on the user's operational attribute. (To clear the pwdReset flag, I set it to a value of "FALSE".) Subsequent LDAP operations generate this error:

"error result (50); Operations are restricted to bind/unbind/abandon/StartTLS/modify password; Insufficient access"

Regardless of operation or user. IOW - every subsequent operation I then perform on the directory receives this error. This holds true even for rootdn user operations. The process remains in this state until I restart slapd, at which time it resumes normal operation.
